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CTATMS 

What is claimed is: 

1 . A method for controlling access to a computer resource, the method 
comprising: 

receiving from a requesting entity a request for access to the computer 
resource; 

determining that the requesting entity has a proxy permission, wherein the 
proxy permission has at least one associated proxy rule; and 

granting access to the computer resource in dependence upon the proxy rule. 

2. The method of claim 1 wherein the proxy rule comprises at least one condition 
required for granting access to the computer resource. 

3. The method of claim 2 wherein the condition has a plurality of possible states. 

4. The method of claim 1 wherein determining that the requesting entity has a 
proxy permission further comprises finding, in dependence upon a requesting 
entity identification, an access control entry in an access control list for the 
computer resource. 
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5. The method of claim 1 wherein determining that the requesting entity has a 
proxy permission further comprises finding, in dependence upon a requesting 
entity identification, a proxy permission record in a proxy permission table. 

6. The method of claim 5 further comprising reading a proxy permission 
indicator fi-om a data structure representing the resource. 

7. The method of claim 5 further comprising reading a proxy permission 
indicator from an access control list for the resource. 

8. The method of claim 1 wherein the proxy rule comprises one or more 
conditions required for granting access to the computer resource and granting 
access to the computer resource based on the proxy rule further comprises: 

5 determining whether the conditions of the proxy rule are met; and 

permitting access to the computer resource if the conditions of the proxy rule 
are met. 

9. The method of claim 8 wherein each condition has a plurality of possible 
states and granting access to the computer resource based on the proxy rule 
further comprises evaluating the states of the conditions. 
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10. A system for controlling access to a computer resource, the system 
comprising: 

means for receiving from a requesting entity a request for access to the 
computer resource; 

means for determining that the requesting entity has a proxy permission, 
wherein the proxy permission has at least one associated proxy rule; and 

means for granting access to the computer resource in dependence upon the 
proxy rule. 

1 1 . The system of claim 1 0 wherein the proxy rule comprises at least one 
condition required for granting access to the computer resource. 

12. The system of claim 1 1 wherein the condition has a plurality of possible 
states. 

13. The system of claim 10 wherein means for determining that the requesting 
entity has a proxy permission fiirther comprises means for finding, in 
dependence upon a requesting entity identification, an access control entry in 
an access control list for the computer resource. 
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14. The system of claim 10 wherein means for determining that the requesting 
entity has a proxy permission further comprises means for finding, in 
dependence upon a requesting entity identification, a proxy permission record 
in a proxy permission table. 

15. The system of claim 14 further comprising means for reading a proxy 
permission indicator from a data structure representing the resource. 

16. The system of claim 14 further comprising means for reading a proxy 
permission indicator firom an access control list for the resource. 

1 7. The system of claim 1 0 wherein the proxy rule comprises one or more 
conditions required for granting access to the computer resource and means 
for granting access to the computer resource based on the proxy rule further 
comprises: 

means for determining whether the conditions of the proxy rule are met; and 

means for permitting access to the computer resource if the conditions of the 
proxy rule are met. 

1 8. The system of claim 1 7 wherein each condition has a plurality of possible 
states and means for granting access to the computer resource based on the 
proxy rule further comprises means for evaluating the states of the conditions. 
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19. A computer program product for controlling access to a computer resource, 
the computer program product comprising: 

a recording medium; 

means, recorded on the recording medium, for receiving from a requesting 
entity a request for access to the computer resource; 

means, recorded on the recording medium, for determining that the requesting 
entity has a proxy permission, wherein the proxy permission has at least one 
associated proxy rule; and 

means, recorded on the recording medium, for granting access to the computer 
resource in dependence upon the proxy rule. 

20. The computer program product of claim 19 wherein the proxy rule comprises 
at least one condition required for granting access to the computer resource. 

21 . The computer program product of claim 20 wherein the condition has a 
plurality of possible states. 

22. The computer program product of claim 19 wherein means, recorded on the 
recording medium, for determining that the requesting entity has a proxy 
permission further comprises means, recorded on the recording medium, for 
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finding, in dependence upon a requesting entity identification, an access 
control entry in an access control list for the computer resource. 

23. The computer program product of claim 19 wherein means, recorded on the 
recording medium, for determining that the requesting entity has a proxy 
permission further comprises means, recorded on the recording medium, for 
finding, in dependence upon a requesting entity identification, a proxy 
permission record in a proxy permission table. 

24. The computer program product of claim 23 fiirther comprising means, 
recorded on the recording medium, for reading a proxy permission indicator 
from a data structure representing the resource. 

25. The computer program product of claim 23 fiirther comprising means, 
recorded on the recording medium, for reading a proxy permission indicator 
fi-om an access control list for the resource. 

26. The computer program product of claim 19 wherein the proxy rule comprises 
one or more conditions required for granting access to the computer resource 
and means, recorded on the recording medium, for granting access to the 
computer resource based on the proxy rule fiirther comprises: 

means, recorded on the recording medium, for determining whether the 
conditions of the proxy rule are met; and 
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means, recorded on the recording medium, for permitting access to the 
computer resource if the conditions of the proxy rule are met. 

27. The computer program product of claim 26 wherein each condition has a 

plurality of possible states and means, recorded on the recording medium, for 
granting access to the computer resource based on the proxy rule further 
comprises means, recorded on the recording medium, for evaluating the states 
of the conditions. 



29 



